RuhNetConsulting
/
getssl
mirror of https://github.com/srvrco/getssl
1
0
Fork 0
Code Issues 0 Projects 0 Releases 51 Wiki Activity
Browse Source

Merge pull request #539 from srvrco/mixed-case 

Fixed for mixed case domain names
pull/545/head
Tim Kimber 6 years ago
committed by GitHub
parent
17f8698a15 125fabdc33
commit
005b57ea5c
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
14 changed files with 144 additions and 31 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +4
    -4
      .github/workflows/run-all-tests.yml
  2. +19
    -12
      getssl
  3. +24
    -0
      test/10-mixed-case-staging.bats
  4. +45
    -0
      test/10-mixed-case.bats
  5. +1
    -1
      test/7-staging-dns01-dig.bats
  6. +1
    -1
      test/7-staging-dns01-nslookup.bats
  7. +2
    -2
      test/8-staging-ecdsa.bats
  8. +34
    -0
      test/9-test--all.bats
  9. +0
    -0
      test/Dockerfile-centos7-staging
  10. +0
    -0
      test/Dockerfile-ubuntu-staging
  11. +5
    -5
      test/run-test.cmd
  12. +3
    -3
      test/run-test.sh
  13. +0
    -0
      test/test-config/getssl-staging-dns01.cfg
  14. +6
    -3
      test/test_helper.bash

+ 4
- 4
.github/workflows/run-all-tests.yml View File

@ -31,14 +31,14 @@ jobs:
run: docker-compose up -d --build run: docker-compose up -d --build
- name: Run test suite on CentOS7 - name: Run test suite on CentOS7
run: test/run-test.sh centos7 run: test/run-test.sh centos7
test-centos7-duckdns:
test-centos7-staging:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v1 - uses: actions/checkout@v1
- name: Build the docker-compose stack - name: Build the docker-compose stack
run: docker-compose up -d --build run: docker-compose up -d --build
- name: Run test suite on CentOS7 against Staging using DuckDNS - name: Run test suite on CentOS7 against Staging using DuckDNS
run: test/run-test.sh centos7-duckdns
run: test/run-test.sh centos7-staging
test-debian: test-debian:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
@ -71,11 +71,11 @@ jobs:
run: docker-compose up -d --build run: docker-compose up -d --build
- name: Run test suite on Ubuntu18 - name: Run test suite on Ubuntu18
run: test/run-test.sh ubuntu18 run: test/run-test.sh ubuntu18
test-ubuntu-duckdns:
test-ubuntu-staging:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v1 - uses: actions/checkout@v1
- name: Build the docker-compose stack - name: Build the docker-compose stack
run: docker-compose up -d --build run: docker-compose up -d --build
- name: Run test suite on Ubuntu against Staging using DuckDNS - name: Run test suite on Ubuntu against Staging using DuckDNS
run: test/run-test.sh ubuntu-duckdns
run: test/run-test.sh ubuntu-staging

+ 19
- 12
getssl View File

@ -440,29 +440,29 @@ check_config() { # check the config files for all obvious errors
fi fi
# check domain exists # check domain exists
if [[ "$DNS_CHECK_FUNC" == "drill" ]]; then if [[ "$DNS_CHECK_FUNC" == "drill" ]]; then
if [[ "$($DNS_CHECK_FUNC "${d}" |grep -c "${d}")" -ge 1 ]]; then
if [[ "$($DNS_CHECK_FUNC "${d}" |grep -c -i "${d}")" -ge 1 ]]; then
debug "found IP for ${d}" debug "found IP for ${d}"
else else
info "${DOMAIN}: DNS lookup failed for ${d}" info "${DOMAIN}: DNS lookup failed for ${d}"
config_errors=true config_errors=true
fi fi
elif [[ "$DNS_CHECK_FUNC" == "dig" ]]; then elif [[ "$DNS_CHECK_FUNC" == "dig" ]]; then
if [[ "$($DNS_CHECK_FUNC "${d}" -t SOA|grep -c "^${d}")" -ge 1 ]]; then
if [[ "$($DNS_CHECK_FUNC "${d}" -t SOA|grep -c -i "^${d}")" -ge 1 ]]; then
debug "found SOA IP for ${d}" debug "found SOA IP for ${d}"
elif [[ "$($DNS_CHECK_FUNC "${d}" -t A|grep -c "^${d}")" -ge 1 ]]; then
elif [[ "$($DNS_CHECK_FUNC "${d}" -t A|grep -c -i "^${d}")" -ge 1 ]]; then
debug "found A IP for ${d}" debug "found A IP for ${d}"
else else
info "${DOMAIN}: DNS lookup failed for ${d}" info "${DOMAIN}: DNS lookup failed for ${d}"
config_errors=true config_errors=true
fi fi
elif [[ "$DNS_CHECK_FUNC" == "host" ]]; then elif [[ "$DNS_CHECK_FUNC" == "host" ]]; then
if [[ "$($DNS_CHECK_FUNC "${d}" |grep -c "^${d}")" -ge 1 ]]; then
if [[ "$($DNS_CHECK_FUNC "${d}" |grep -c -i "^${d}")" -ge 1 ]]; then
debug "found IP for ${d}" debug "found IP for ${d}"
else else
info "${DOMAIN}: DNS lookup failed for ${d}" info "${DOMAIN}: DNS lookup failed for ${d}"
config_errors=true config_errors=true
fi fi
elif [[ "$(nslookup -query=AAAA "${d}"|grep -c "^${d}.*has AAAA address")" -ge 1 ]]; then
elif [[ "$(nslookup -query=AAAA "${d}"|grep -c -i "^${d}.*has AAAA address")" -ge 1 ]]; then
debug "found IPv6 record for ${d}" debug "found IPv6 record for ${d}"
elif [[ "$(nslookup "${d}"| grep -c ^Name)" -ge 1 ]]; then elif [[ "$(nslookup "${d}"| grep -c ^Name)" -ge 1 ]]; then
debug "found IPv4 record for ${d}" debug "found IPv4 record for ${d}"
@ -775,6 +775,9 @@ create_order() {
# find array position (This is O(n2) but that doubt we'll see performance issues) # find array position (This is O(n2) but that doubt we'll see performance issues)
dn=0 dn=0
for d in $alldomains; do for d in $alldomains; do
# Convert domain to lowercase as response from server will be in lowercase
# shellcheck disable=SC2018,SC2019
d=$(echo "$d" | tr A-Z a-z)
if [ "$d" == "$authdomain" ]; then if [ "$d" == "$authdomain" ]; then
debug "Saving authorization response for $authdomain for domain alldomains[$dn]" debug "Saving authorization response for $authdomain for domain alldomains[$dn]"
AuthLinkResponse[$dn]=$response AuthLinkResponse[$dn]=$response
@ -832,20 +835,20 @@ find_dns_utils() {
HAS_NSLOOKUP=false HAS_NSLOOKUP=false
HAS_DIG_OR_DRILL="" HAS_DIG_OR_DRILL=""
HAS_HOST=false HAS_HOST=false
if [[ -n "$(command -v nslookup)" ]]; then
if [[ -n "$(command -v nslookup 2>/dev/null)" ]]; then
debug "HAS NSLOOKUP=true" debug "HAS NSLOOKUP=true"
HAS_NSLOOKUP=true HAS_NSLOOKUP=true
fi fi
if [[ -n "$(command -v drill)" ]]; then
if [[ -n "$(command -v drill 2>/dev/null)" ]]; then
debug "HAS DIG_OR_DRILL=drill" debug "HAS DIG_OR_DRILL=drill"
HAS_DIG_OR_DRILL="drill" HAS_DIG_OR_DRILL="drill"
elif [[ -n "$(command -v dig)" ]]; then
elif [[ -n "$(command -v dig 2>/dev/null)" ]]; then
debug "HAS DIG_OR_DRILL=dig" debug "HAS DIG_OR_DRILL=dig"
HAS_DIG_OR_DRILL="dig" HAS_DIG_OR_DRILL="dig"
fi fi
if [[ -n "$(command -v host)" ]]; then
if [[ -n "$(command -v host 2>/dev/null)" ]]; then
debug "HAS HOST=true" debug "HAS HOST=true"
HAS_HOST=true HAS_HOST=true
fi fi
@ -915,8 +918,10 @@ for d in $alldomains; do
| sed -e 's:=*$::g' -e 'y:+/:-_:') | sed -e 's:=*$::g' -e 'y:+/:-_:')
debug auth_key "$auth_key" debug auth_key "$auth_key"
debug "adding dns via command: $DNS_ADD_COMMAND $d $auth_key"
if ! eval "$DNS_ADD_COMMAND" "$d" "$auth_key" ; then
# shellcheck disable=SC2018,SC2019
lower_d=$(echo "$d" | tr A-Z a-z)
debug "adding dns via command: $DNS_ADD_COMMAND $lower_d $auth_key"
if ! eval "$DNS_ADD_COMMAND" "$lower_d" "$auth_key" ; then
error_exit "DNS_ADD_COMMAND failed for domain $d" error_exit "DNS_ADD_COMMAND failed for domain $d"
fi fi
@ -1093,7 +1098,9 @@ if [[ $VALIDATE_VIA_DNS == "true" ]]; then
check_challenge_completion "$uri" "$d" "$keyauthorization" check_challenge_completion "$uri" "$d" "$keyauthorization"
debug "remove DNS entry" debug "remove DNS entry"
eval "$DNS_DEL_COMMAND" "$d" "$auth_key"
# shellcheck disable=SC2018,SC2019
lower_d=$(echo "$d" | tr A-Z a-z)
eval "$DNS_DEL_COMMAND" "$lower_d" "$auth_key"
# remove $dnsfile after each loop. # remove $dnsfile after each loop.
rm -f "$dnsfile" rm -f "$dnsfile"
fi fi


+ 24
- 0
test/10-mixed-case-staging.bats View File

@ -0,0 +1,24 @@
#! /usr/bin/env bats
load '/bats-support/load.bash'
load '/bats-assert/load.bash'
load '/getssl/test/test_helper.bash'
@test "Check can create certificate if domain is not lowercase using staging server and DuckDNS" {
if [ -z "$STAGING" ]; then
skip "Running internal tests, skipping external test"
fi
CONFIG_FILE="getssl-staging-dns01.cfg"
GETSSL_CMD_HOST=$(echo $GETSSL_HOST | tr a-z A-Z)
setup_environment
init_getssl
create_certificate
assert_success
refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'
refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]'
refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]'
}

+ 45
- 0
test/10-mixed-case.bats View File

@ -0,0 +1,45 @@
#! /usr/bin/env bats
load '/bats-support/load.bash'
load '/bats-assert/load.bash'
load '/getssl/test/test_helper.bash'
# This is run for every test
setup() {
export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt
}
@test "Check that HTTP-01 verification works if the domain is not lowercase" {
if [ -n "$STAGING" ]; then
skip "Using staging server, skipping internal test"
fi
CONFIG_FILE="getssl-http01.cfg"
GETSSL_CMD_HOST=$(echo $GETSSL_HOST | tr a-z A-Z)
setup_environment
init_getssl
create_certificate
assert_success
refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'
refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]'
refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]'
}
@test "Check that DNS-01 verification works if the domain is not lowercase" {
if [ -n "$STAGING" ]; then
skip "Using staging server, skipping internal test"
fi
CONFIG_FILE="getssl-dns01.cfg"
GETSSL_CMD_HOST=$(echo $GETSSL_HOST | tr a-z A-Z)
setup_environment
init_getssl
create_certificate
assert_success
refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'
refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]'
refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]'
}

test/7-duckdns-dns01-dig.bats → test/7-staging-dns01-dig.bats View File


test/7-duckdns-dns01-nslookup.bats → test/7-staging-dns01-nslookup.bats View File


test/8-duckdns-ecdsa.bats → test/8-staging-ecdsa.bats View File


+ 34
- 0
test/9-test--all.bats View File

@ -0,0 +1,34 @@
#! /usr/bin/env bats
load '/bats-support/load.bash'
load '/bats-assert/load.bash'
load '/getssl/test/test_helper.bash'
# This is run for every test
setup() {
export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt
export PATH=$PATH:/getssl
}
@test "Create new certificate using --all" {
if [ -n "$STAGING" ]; then
skip "Using staging server, skipping internal test"
fi
# Setup
CONFIG_FILE="getssl-http01.cfg"
setup_environment
init_getssl
cp "${CODE_DIR}/test/test-config/${CONFIG_FILE}" "${INSTALL_DIR}/.getssl/${GETSSL_HOST}/getssl.cfg"
# Run test
run ${CODE_DIR}/getssl --all
# Check success conditions
assert_success
refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'
refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]'
refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]'
}

test/Dockerfile-centos7-duckdns → test/Dockerfile-centos7-staging View File


test/Dockerfile-ubuntu-duckdns → test/Dockerfile-ubuntu-staging View File


+ 5
- 5
test/run-test.cmd View File

@ -7,8 +7,8 @@ IF %2.==. GOTO NoCmd
set COMMAND=%2 %3 set COMMAND=%2 %3
:CheckAlias :CheckAlias
REM check if OS *contains* duckdns
IF NOT x%OS:duckdns=%==x%OS% GOTO duckdns
REM check if OS *contains* staging
IF NOT x%OS:staging=%==x%OS% GOTO staging
set ALIAS=%OS%.getssl.test set ALIAS=%OS%.getssl.test
set STAGING= set STAGING=
GOTO Run GOTO Run
@ -22,8 +22,8 @@ REM set COMMAND=/getssl/test/run-bats.sh
set COMMAND=bats /getssl/test set COMMAND=bats /getssl/test
GOTO CheckAlias GOTO CheckAlias
:duckdns
set ALIAS=%OS:-duckdns=%-getssl.duckdns.org
:staging
set ALIAS=%OS:-staging=%-getssl.duckdns.org
set STAGING=--env STAGING=true set STAGING=--env STAGING=true
:Run :Run
@ -33,7 +33,7 @@ docker build --rm -f "test\Dockerfile-%OS%" -t getssl-%OS% .
@echo on @echo on
docker run -it ^ docker run -it ^
--env GETSSL_HOST=%ALIAS% %STAGING% ^ --env GETSSL_HOST=%ALIAS% %STAGING% ^
--env GETSSL_OS=%OS:-duckdns=% ^
--env GETSSL_OS=%OS:-staging=% ^
-v %cd%:/getssl ^ -v %cd%:/getssl ^
--rm ^ --rm ^
--network %CurrDirName%_acmenet ^ --network %CurrDirName%_acmenet ^


+ 3
- 3
test/run-test.sh View File

@ -14,8 +14,8 @@ else
COMMAND="bats /getssl/test" COMMAND="bats /getssl/test"
fi fi
if [[ "$OS" == *"duckdns"* ]]; then
ALIAS="${OS%-duckdns}-getssl.duckdns.org"
if [[ "$OS" == *"staging"* ]]; then
ALIAS="${OS%-staging}-getssl.duckdns.org"
STAGING="--env STAGING=true" STAGING="--env STAGING=true"
else else
ALIAS="$OS.getssl.test" ALIAS="$OS.getssl.test"
@ -26,7 +26,7 @@ docker build --rm -f "test/Dockerfile-$OS" -t "getssl-$OS" .
# shellcheck disable=SC2086 # shellcheck disable=SC2086
docker run \ docker run \
--env GETSSL_HOST=$ALIAS $STAGING \ --env GETSSL_HOST=$ALIAS $STAGING \
--env GETSSL_OS=${OS%-duckdns} \
--env GETSSL_OS=${OS%-staging} \
-v "$(pwd)":/getssl \ -v "$(pwd)":/getssl \
--rm \ --rm \
--network ${PWD##*/}_acmenet \ --network ${PWD##*/}_acmenet \


test/test-config/getssl-duckdns01.cfg → test/test-config/getssl-staging-dns01.cfg View File


+ 6
- 3
test/test_helper.bash View File

@ -21,7 +21,7 @@ cleanup_environment() {
init_getssl() { init_getssl() {
# Run initialisation (create account key, etc) # Run initialisation (create account key, etc)
run ${CODE_DIR}/getssl -c "$GETSSL_HOST"
run ${CODE_DIR}/getssl -c "$GETSSL_CMD_HOST"
assert_success assert_success
[ -d "$INSTALL_DIR/.getssl" ] [ -d "$INSTALL_DIR/.getssl" ]
} }
@ -29,9 +29,9 @@ init_getssl() {
create_certificate() { create_certificate() {
# Create certificate # Create certificate
cp "${CODE_DIR}/test/test-config/${CONFIG_FILE}" "${INSTALL_DIR}/.getssl/${GETSSL_HOST}/getssl.cfg"
cp "${CODE_DIR}/test/test-config/${CONFIG_FILE}" "${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl.cfg"
# shellcheck disable=SC2086 # shellcheck disable=SC2086
run ${CODE_DIR}/getssl $1 "$GETSSL_HOST"
run ${CODE_DIR}/getssl $1 "$GETSSL_CMD_HOST"
} }
# start nginx in background on alpine via supervisord # start nginx in background on alpine via supervisord
@ -68,6 +68,9 @@ fi
export GETSSL_IP export GETSSL_IP
GETSSL_CMD_HOST=$GETSSL_HOST
export GETSSL_CMD_HOST
if [ ! -f ${INSTALL_DIR}/pebble.minica.pem ]; then if [ ! -f ${INSTALL_DIR}/pebble.minica.pem ]; then
wget --quiet --no-clobber https://raw.githubusercontent.com/letsencrypt/pebble/master/test/certs/pebble.minica.pem 2>&1 wget --quiet --no-clobber https://raw.githubusercontent.com/letsencrypt/pebble/master/test/certs/pebble.minica.pem 2>&1
CERT_FILE=/etc/ssl/certs/ca-certificates.crt CERT_FILE=/etc/ssl/certs/ca-certificates.crt


Write Preview
Loading…
Cancel
Save